Top information security technologies for 2017
Posted on August 18, 2017
US research firm Gartner recently released a summary of the top technologies for information security in 2017.
Gartner vice-president Neil MacDonald warned the cyber threat level for enterprises is currently very high, as attackers continue to improve their abilities.
"Security and risk leaders must evaluate and engage with the latest technologies to protect against advanced attacks," said MacDonald.
Key technologies identified by Gartner include:
Cloud workload protection platforms
Uptake of public cloud-based infrastructure as a service (IaaS) by Australian enterprises grew by over 60 per cent in 2016, and is forecast to reach over $1 billion by 2020. Securing cloud workloads adds another layer of complexity to an already challenging information security environment.
Gartner says hybrid cloud workload protection platforms that offer a single management console to protect workloads across public and private cloud infrastructure, physical machines, virtual machines and containers, will become increasingly important for information security managers.
Remote browser
Almost all successful cyberattacks are launched over the public internet, and browser-based threats are the leading source of attacks on users. Information security architects can't stop attacks, but they can contain damage by isolating end-user internet browsing sessions from enterprise endpoints and networks.
Remote browser technology isolates the dangerous task of executing web content in a one-time-use remote virtual machine. No website code is accessed by the user, only a real-time interactive image of the website.
Growing interest in this technology is evidenced by security giant Symantec’s recent acquisition of Israeli security firm Fireglass, in a move to add remote browser isolation to its services.
Deception technologies
Deception technologies use deceit, decoys and tricks to disrupt, delay or detect attacks. They’re also able to span multiple layers within the stack, including endpoint, network, application and data.
Cybersecurity leaders McAfee recently integrated the deception technology of Attivo Networks into their centralised security management software, giving them the ability to “make the entire network a trap, and create a setting where what is real and what is not becomes unclear to the attacker”.
By 2018, Gartner predicts that 10 per cent of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers.
Endpoint detection and response
Endpoint detection and response augments traditional endpoint preventative controls, such as an antivirus, by monitoring endpoints for indications of unusual behaviour and activities indicative of malicious intent.
According to Gartner, “Organisations investing in EDR tools are purposefully moving from an ‘incident response’ mentality to one of ‘continuous monitoring’ in search of incidents that they know are constantly occurring.”
Network traffic analysis
Network traffic analysis (NTA) solutions monitor network traffic, flows, connections and objects for unusual behaviours that may be indicative of malicious intent.
Enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security should consider NTA as a way to help identify, manage and triage these events, says Gartner.
Microsegmentation
Once cyber attackers have breached enterprise IT systems, they can typically move unimpeded laterally into other systems.
Microsegmentation enables enterprises to logically divide data centres into discrete security segments and then define security controls for each unique segment. Like bulkheads in a submarine, microsegmentation helps to limit damage in the event that the perimeter has been breached.
Software-defined perimeter
Developed by the Cloud Security Alliance, a not-for-profit organisation dedicated to ensuring a secure cloud computing environment, software-defined perimeter (SDP) technology is based on the US Department of Defense's "need-to-know" model.
Also referred to as a ‘black cloud’, SDP technology ensures that all endpoints attempting to access a given infrastructure are authenticated and authorised prior to entrance. Once authorised, trusted devices are given unique, temporary cryptographic connections. Until then, the infrastructure being protected by an SDP is ‘black’.
Gartner predicts that by the end of 2017, at least 10 per cent of enterprises will be using SDP technology.
Container security
The use of operating system level virtualisation, or ‘containers’, is finding favour among Australian enterprises, with 70 per cent currently using or investigating it.
Containers use a shared operating system (OS) model. An attack on a vulnerability in the host OS could lead to a compromise of all containers. Containers are not inherently insecure, but they are often deployed in an unsecure manner by developers, with little or no involvement from security teams and little guidance from security architects.
Traditional network and host-based security solutions are blind to containers. Gartner says container security solutions protect the entire lifecycle of containers, from creation into production, and most container security solutions provide preproduction scanning combined with runtime monitoring and protection.